Jack McKinney wrote:
>
> Big Brother tells me that Greg White wrote:
> > Jack McKinney wrote:
> > >
> > SNIP
> > >
> > > Yes, but the only mail servers that will get postmaster bombed are
> > > ones that either condone spam by allowing users to send it out, or are
> > > open relays. If RBL and ORBS aren't enough to get these people to stop
> > > allowing relaying, perhaps postmaster mail filling up would...
> > >
> > SNIP
> >
> > Ummm, perhaps I misunderstand something completely here. Please correct
> > me if I'm wrong here. Here's how I see it working:
> >
> > I am a spammer. I own spamming.pissant.luser.domain. I send mail from
> > spamming.pissant.luser.domain, but I forge envelopes and From: to say
> > that I'm (for example) ibm.com, to beat pattern-matching spam checks,
> > and maybe fool some users that that's really where I'm from. Don't
> > bounces go to ibm.com? How are we, (in the example), as ibm.com, to
> > prevent these bounces from coming to us? Not to mention all the email
> > to [EMAIL PROTECTED], complaining about the spam... Am I missing something?
>
> Maybe. If the email is rejected AFTER being accepted by your mail
> server, then your mail server will bounce it based on the headers.
> If it is rejected at the SMTP port of your server (as is typical of
> the relay checking methods such as RBL and ORBS), then the sending mail
> server will generate the bounce. This won't triple bounce at IBM, it
> will triple bounce to _itself_.
>
> For example, I want to spam using [EMAIL PROTECTED] as the
> return address. I find an open relay at mail.irelay.com, so I connect
> to it and drop off a few hundred thousand copies of my message with
> my fake from address. You are on my spam list, and your server is
> rejecting mail via ORBS, which has contacted irelay.com to complain
> already, and irelay.com is unwilling or ignorant.
> My message does this:
>
> 1. My machine to mail.irelay.com over smtp. accepted.
> 2. mail.irelay.com contacts your mail server and tries to deliver the
> message. Your SMTP port rejects it because it comes from an open relay.
> 3. mail.irelay.com bounces the message to [EMAIL PROTECTED] If this
> address does not exist, then microsoft.com bounces the message back to
> mail.irelay.com.
> 4. This message is a triple bounce when it arrives at mail.irelay.com,
> though technically it is a bounce of a valid mailer-daemon message.
> In any event, it ends up at [EMAIL PROTECTED]
SNIP
That's what I thought. So, if either of the following two items is true,
postmaster will still get the bounces:
1. The relay is not yet listed in an anti-relay domain.
2. The receiving SMTP host is not using strong anti-spam techniques
at all, such as rss, rbl, dul, orbs, etc.
Not helpful in all cases, given the ease of access to a new dialup account,
and sending the forged header messages out through your ISP's smarthost...
GW
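
The bounce paths discussed in this thread, modelled as an added example that is not part of either poster's message: a small Python simulation of which host generates the bounce and whose postmaster ends up holding it. The hosts relay.example, rcpt.example and forged.example and their addresses are constructed, and SMTP is simplified to one accept-or-refuse decision per hop.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    domain: str
    users: set
    refuses_peers: set = field(default_factory=set)  # blocklist checked at SMTP time
    late_reject: bool = False   # accept any recipient, bounce unknown users later
    postmaster: list = field(default_factory=list)   # undeliverable bounces pile up here

def offer(hosts, sender, mail_from, rcpt, log):
    """`sender` offers one message to the host responsible for rcpt's domain."""
    user, _, domain = rcpt.partition("@")
    target = hosts[domain]
    known = user in target.users
    if sender.domain in target.refuses_peers or not (known or target.late_reject):
        # Refused inside the SMTP dialogue: the sending host still owns the message.
        log.append(f"{target.domain} refuses {rcpt} from {sender.domain}")
        bounce(hosts, sender, mail_from, rcpt, log)
    elif not known:
        # Accepted first, rejected afterwards: the receiving host owns the bounce.
        log.append(f"{target.domain} accepts, then bounces {rcpt}")
        bounce(hosts, target, mail_from, rcpt, log)
    else:
        log.append(f"{target.domain} delivers to {rcpt}")

def bounce(hosts, owner, mail_from, rcpt, log):
    if mail_from == "":  # the failed message was itself a bounce (null return path)
        owner.postmaster.append(rcpt)
        log.append(f"undeliverable bounce kept by postmaster@{owner.domain}")
    else:
        log.append(f"{owner.domain} bounces to {mail_from}")
        offer(hosts, owner, "", mail_from, log)

def scenario(relay_listed, forged_exists, rcpt="alice@rcpt.example", late_reject=False):
    # Constructed hosts and addresses (assumptions, not taken from the thread).
    relay = Host("relay.example", set())
    blocked = {"relay.example"} if relay_listed else set()
    receiver = Host("rcpt.example", {"alice"}, blocked, late_reject)
    forged = Host("forged.example", {"bob"} if forged_exists else set())
    hosts = {h.domain: h for h in (relay, receiver, forged)}
    log = []
    # The open relay has already accepted the message with the forged envelope sender.
    offer(hosts, relay, "bob@forged.example", rcpt, log)
    return log, {d: h.postmaster for d, h in hosts.items()}

if __name__ == "__main__":
    for line in scenario(relay_listed=True, forged_exists=False)[0]:
        print(line)
```

Comparing the runs shows the asymmetry: a refusal at SMTP time leaves the unreturnable bounce with the relay's postmaster, an accept-then-bounce policy leaves it with the receiving host's own postmaster, and a forged sender that exists receives the bounce in both cases.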